Viruses, Trojans, spyware, ransomware, and other kinds of malware are a constant threat to any computing device that requires network connectivity. Many different types of security systems exist to combat these threats, ranging from browser plug-ins, to virus scanners, to firewalls, and beyond. Countless new instances and permutations of malware are created every day, requiring security systems to be constantly updated. Despite all this, many pieces of malware still manage to infect computing devices and carry out a variety of malicious actions. Determining which type of malware a malicious file is may enable security systems to better protect computing devices from the malicious files.
Some traditional systems for classifying files as specific types of malware may rely on databases of known malware files. Such systems may be unable to correctly classify new malware that is not yet in the database. Other traditional systems may perform lengthy and computationally costly analyses on potentially malicious files, slowing down the execution of other applications on the computing device, frustrating the user, and potentially causing the user to disable the security system entirely. Some traditional systems may lose accuracy when attempting to sub-classify unknown files that have not yet been determined to be malicious or benign. The instant disclosure, therefore, identifies and addresses a need for systems and methods for classifying files as specific types of malware.